Vulnerability Name:

CVE-2005-0953 (CCN-19926)

Assigned:2005-03-30
Published:2005-03-30
Updated:2018-10-19
Summary:Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:3.7 Low (CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P)
3.2 Low (Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P)
2.3 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:H/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: FreeBSD Security Advisory FreeBSD-SA-05:14.bzip2
bzip2 denial of service and permission race vulnerabilities

Source: NETBSD
Type: UNKNOWN
NetBSD-SA2008-004

Source: SGI
Type: UNKNOWN
20060301-01-U

Source: CCN
Type: BugTraq Mailing List, Wed Mar 30 2005 - 15:38:55 CST
bzip2 TOCTOU file-permissions vulnerability

Source: MITRE
Type: CNA
CVE-2005-0953

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:972
bzip2 security fixes

Source: CCN
Type: Apple Web site
About the security content of Mac OS X 10.4.11 and Security Update 2007-008

Source: CONFIRM
Type: UNKNOWN
http://docs.info.apple.com/article.html?artnum=307041

Source: APPLE
Type: UNKNOWN
APPLE-SA-2007-11-14

Source: BUGTRAQ
Type: UNKNOWN
20050330 bzip2 TOCTOU file-permissions vulnerability

Source: CCN
Type: RHSA-2005-474
bzip2 security update

Source: SECUNIA
Type: UNKNOWN
19183

Source: CCN
Type: SA27274
Sun Solaris bzip2 Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27274

Source: CCN
Type: SA27643
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
27643

Source: SECUNIA
Type: UNKNOWN
29940

Source: CCN
Type: bzip2 Web site
The bzip2 and libbzip2 official home page

Source: CCN
Type: Sun Alert ID: 103118
Two Security Vulnerabilities in the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be Modified or Allow for Arbitrarily Large Files to be Created

Source: SUNALERT
Type: UNKNOWN
103118

Source: SUNALERT
Type: UNKNOWN
200191

Source: CCN
Type: ASA-2007-451
Two Security Vulnerabilities in the bzip2(1) Command may Allow the Permissions of Arbitrary Files to be Modified or Allow for Arbitrarily Large Files to be Created (Sun 103118)

Source: DEBIAN
Type: Patch, Vendor Advisory
DSA-730

Source: DEBIAN
Type: DSA-730
bzip2 -- race condition

Source: FEDORA
Type: UNKNOWN
FLSA:158801

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:026

Source: CCN
Type: OpenPKG-SA-2005.008
bzip2

Source: CCN
Type: OpenPKG-SA-2005.010
OpenPKG

Source: CCN
Type: OpenPKG-SA-2007.002
bzip2

Source: OPENPKG
Type: UNKNOWN
OpenPKG-SA-2007.002

Source: REDHAT
Type: UNKNOWN
RHSA-2005:474

Source: BUGTRAQ
Type: UNKNOWN
20070109 rPSA-2007-0004-1 bzip2

Source: BID
Type: UNKNOWN
12954

Source: CCN
Type: BID-12954
bzip2 chmod File Permission Modification Race Condition Weakness

Source: BID
Type: UNKNOWN
26444

Source: CCN
Type: BID-26444
Apple Mac OS X v10.4.11 2007-008 Multiple Security Vulnerabilities

Source: CCN
Type: TLSA-2005-60
Two vulnerabilities discovered in bzip2

Source: CCN
Type: USN-127-1
bzip2 vulnerabilities

Source: CERT
Type: US Government Resource
TA07-319A

Source: VUPEN
Type: UNKNOWN
ADV-2007-3525

Source: VUPEN
Type: UNKNOWN
ADV-2007-3868

Source: XF
Type: UNKNOWN
bzip2-toctou-symlink(19926)

Source: XF
Type: UNKNOWN
bzip2-toctou-symlink(19926)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10902

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1154

Vulnerable Configuration:Configuration 1:
  • cpe:/a:bzip:bzip2:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:0.9.5_a:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:0.9.5_b:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:0.9.5_c:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:0.9.5_d:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:0.9_a:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:0.9_b:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:0.9_c:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:bzip:bzip2:1.0.2:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:10902
    V
    Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
    2013-04-29
    oval:com.redhat.rhsa:def:20050474
    P
    RHSA-2005:474: bzip2 security update (Low)
    2008-03-20
    oval:org.mitre.oval:def:1154
    V
    bzip2 Arbitrary File Permission Modification Vulnerability
    2005-09-21
    oval:org.debian:def:730
    V
    race condition
    2005-05-27
    BACK
    bzip bzip2 0.9
    bzip bzip2 0.9.5_a
    bzip bzip2 0.9.5_b
    bzip bzip2 0.9.5_c
    bzip bzip2 0.9.5_d
    bzip bzip2 0.9_a
    bzip bzip2 0.9_b
    bzip bzip2 0.9_c
    bzip bzip2 1.0
    bzip bzip2 1.0.1
    bzip bzip2 1.0.2